Transmission control protocol (tcp) data handling

ABSTRACT

A method for handling transmission control protocol (TCP) data between networked computer nodes during blackout periods associated with live kernel updating is provided. The method includes initiating a live kernel update on a first node, transmitting, prior to performing a network blocking procedure associated with the live kernel update, a zero window update to one or more peer nodes, generating a surrogate partition associated with the first node, copying network states from an original partition associated with the first node to the surrogate partition, restoring the network states on the surrogate partition, and transmitting another window update to the one or more peer nodes.

BACKGROUND

The present invention generally relates to transmission control protocol(TCP) data handling, and more particularly to TCP data handling duringperiods of potential network or operating system downtime.

For users running business critical workloads, e.g., on a networksystem, such as AIX Power System, it may be desirable to eliminatedowntime associated with the deployment of patches or updates to thesystem running the workloads, e.g., when patches or updates require areboot of an AIX logical partition. It may be desirable that the patchestake effect without any downtime to the running workloads or that theworkloads take advantage of new types of patches (e.g., directed tokernel, kernel extensions, libraries). For example, a live kernel updatemay limit such downtime, but such patches may be limited to kernel andkernel extensions. These patches are typically delivered to users as“iFIXES” and may be in response to user-reported issues. However, somepatches may still require an AIX partition reboot, e.g., when a changein the AIX kernel or loaded kernel extensions is required. In someinstances, patches to critical libraries may also require an AIXpartition reboot.

During a live kernel update, network traffic to and from a logicalpartition (on a system or node receiving the update) may be blocked.Remote peers in the network (e.g., peer nodes) may transmit data thatmay not be received by the blocked node, and the remote peers mayretransmit the unreceived data. If the time allotted for retransmission(e.g., a retransmit span) is shorter than the duration of the networktraffic blockage (e.g., network blackout period), a connection reset mayoccur.

SUMMARY

According to one embodiment, a method for handling transmission controlprotocol (TCP) data between networked computer nodes during blackoutperiods associated with live kernel updating is provided. The methodincludes initiating a live kernel update on a first node, and the livekernel update includes performing a network blocking procedure. Prior toperforming the network blocking procedure, the method includes,transmitting a zero window update to one or more peer nodes, generatinga surrogate partition associated with the first node, copying networkstates from an original partition associated with the first node to thesurrogate partition, restoring the network states on the surrogatepartition, and transmitting another window update to the one or morepeer nodes.

According to another embodiment, a computer program product for handlingTCP data between networked computer nodes during blackout periodsassociated with live kernel updating is provided. The computer programproduct may include at least one computer readable non-transitorystorage medium having computer readable program instructions forexecution by a processor. The computer readable program instructions mayinclude instructions for initiating a live kernel update on a firstnode, transmitting, prior to performing a network blocking procedureassociated with the live kernel update, a zero window update to one ormore peer nodes, generating a surrogate partition associated with thefirst node, copying network states from an original partition associatedwith the first node to the surrogate partition, restoring the networkstates on the surrogate partition, and transmitting another windowupdate to the one or more peer nodes.

According to another embodiment, a computer system for handling TCP databetween networked computer nodes during blackout periods associated withlive kernel updating is provided. The system may include at least oneprocessing unit, at least one computer readable memory, at least onecomputer readable tangible, non-transitory storage medium, and programinstructions stored on the at least one computer readable tangible,non-transitory storage medium for execution by the at least oneprocessing unit via the at least one computer readable memory. Theprogram instructions may include instructions for initiating a livekernel update on a first node, transmitting, prior to performing anetwork blocking procedure associated with the live kernel update, azero window update to one or more peer nodes, generating a surrogatepartition associated with the first node, copying network states from anoriginal partition associated with the first node to the surrogatepartition, restoring the network states on the surrogate partition, andtransmitting another window update to the one or more peer nodes.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The following detailed description, given by way of example and notintended to limit the invention solely thereto, will best be appreciatedin conjunction with the accompanying drawings, in which:

FIG. 1 is a flowchart illustrating an exemplary method of handlingtransmission control protocol (TCP) data between networked computernodes during blackout periods associated with live kernel updating,according to an embodiment;

FIG. 2 is a flowchart illustrating an aspect, from a perspective of apeer node, of an exemplary method of handling TCP data between networkedcomputer nodes during blackout periods associated with live kernelupdating, according to an embodiment;

FIG. 3 is a block diagram illustrating a computing node, according to anaspect of the invention;

FIG. 4 depicts a cloud computing environment according to an embodimentof the present invention; and

FIG. 5 depicts abstraction model layers according to an embodiment ofthe present invention.

The drawings are not necessarily to scale. The drawings are merelyschematic representations, not intended to portray specific parametersof the invention. The drawings are intended to depict only typicalembodiments of the invention. In the drawings, like numbering representslike elements.

DETAILED DESCRIPTION

Various embodiments of the present invention will now be discussed withreference to FIGS. 1-5, like numerals being used for like andcorresponding parts of the various drawings.

According to one embodiment, provided is a method for handlingtransmission control protocol (TCP) data between networked computernodes during blackout periods associated with live kernel updating byinitiating a live kernel update on a first node, which includesperforming a network blocking procedure, transmitting a zero windowupdate to one or more peer nodes prior to performing the networkblocking procedure, generating a surrogate partition associated with thefirst node, copying network states from an original partition associatedwith the first node to the surrogate partition, restoring the networkstates on the surrogate partition, and transmitting another windowupdate to the one or more peers. The zero window update may inform peersthat the first node will not be able to receive data, e.g., from thepeers. The peers may desist from sending data to the first node. Thus, aconnection reset may be avoided due to repeated data transmission thatmay be blocked during a live kernel update.

After the live kernel update (e.g., when the surrogate partition on thefirst node is no longer blocked from network traffic), a window update(e.g., another window update with a size greater than zero) may betransmitted to the peers and TCP/IP communications between the peers andthe surrogate partition on the first node may resume.

In another embodiment, a peer may inflate a socket send buffer size(e.g., above a normal size such as 64 Kb) in response to a notice that alive kernel update has been initiated. This may allow the peer to stageadditional data in the socket send buffer (rather than sendingadditional data that may be blocked, e.g., when a zero window update isreceived), which may further avoid a disruptive TCP timeout (e.g.,connection reset). Temporarily increasing the socket send buffer sizemay smoothen the effects on TCP data handling due to live kernelupdating.

During a live kernel update (e.g., an AIX live update operation) on anoriginal partition in a first node, the first node may create asurrogate partition that may have the same characteristics as theoriginal partition. Data on the original partition may be migrated tothe surrogate partition. During data migration to the surrogatepartition, network traffic may be blocked to and from the first node(e.g., the original partition and surrogate partition). Network blockingmay include loading an internet protocol (IP) filter to block networktraffic to and from the IP addresses for the first node.

FIG. 1 illustrates a first flowchart 100 depicting an exemplary methodfor handling TCP data between networked computer nodes during blackoutperiods associated with live kernel updating, according to anembodiment. The network computer nodes may include a first node and oneor more peer nodes. At 102, a live kernel update is initiated on thefirst node. The live kernel update may be initiated on an originalpartition (e.g., a first logical partition) on the first node. The livekernel update may include performing a network blocking procedure, e.g.,by blocking network traffic to and from IP addresses associated with thefirst node.

At 104, a zero window update may be transmitted to one or more peernodes (in the network) and the transmission may occur prior toperforming the network blocking procedure associated with the livekernel update. The zero window update may be a communication thatinforms (receiving) peer nodes that the node sending the zero windowupdate cannot receive any data. In response, peer nodes may refrain fromtransmitting data to the node sending the zero window update. Typically,zero window updates are sent to convey to other nodes that a receivebuffer is full (i.e., the receive buffer has no capacity to receive anyincoming data). Here, however, a zero window update may indicate that anode may not receive data for another reason, e.g., network traffic maybe blocked to and from the node. A network blocking procedure may beperformed after the zero window update is transmitted, which may blocknetwork traffic to and from sockets associated with the first node(e.g., associated with an original logical partition on the first node).

The zero window update may be advertised, e.g., to the remote peers onall the existing connections (to the first node). A list of processcontrol blocks (PCBs) on the system (e.g., the first node) may bescanned for any TCP connections. A zero window update may be transmitted(e.g., advertised) through each TCP connection.

At 106, a surrogate partition associated with the first node may begenerated. Generation of the surrogate partition may be based on thelive kernel update. During the live kernel update, the first node maygenerate a surrogate partition and migrate data from an original logicalpartition to the surrogate partition. The surrogate partition may begenerated after the network blocking procedure has commenced, e.g.,while the network traffic to and from the first node is blocked.

The surrogate partition may have the same characteristics as theoriginal partition. For example, in an automated mode, an AIX liveupdate operation may create a surrogate partition having the samecharacteristics as the original partition. The root volume group of thesurrogate partition (e.g., surr-boot-rootvg) may be a cloned image ofthe root volume group of the original partition (e.g., orig-rootvg). Thecloned image may be created using the AIX utility alt_disk_copy, whichmay clone the root volume group (of the original partition) and updateit with a patch (e.g., an iFIX patch).

Cloning the image of the root volume group may be similar tofunctionality for updating workloads deployed in a workload partition(WPAR) environment, which may allow updating a kernel or kernelextension running on an AIX logical partition (e.g., a live applicationmobility feature). While a workload is running, the root volume group ofthe original partition (e.g., orig-rootvg) may be mirrored onto amirrored surrogate partition (e.g., surr-mir-rootvg).

After the cloning process, the applications associated with theworkloads may be checkpointed (e.g., saving snapshots of anapplication's state). During the checkpointing process, the root volumegroup of the original partition (e.g., orig-rootvg) may be split. Themirrored copy of the root volume group (e.g., surr-mir-rootvg) may beimported on the surrogate partition. File systems associated with theroot volume group may be mounted in a chrooted environment (e.g., anenvironment updated by chroot; a modified environment where an operationchanged the apparent root directory for a running process and thechildren of the apparent root directory). The workload may be chrootedon the mirrored volume group, e.g., when the workload is restarted onthe mirrored volume group.

When a predetermined amount of data from the original partition istransferred to the surrogate partition, the original partition may beremoved (and may be transferred, e.g., to another disk). Remainingresources (e.g., consumed by the original partition) may be transferredto the surrogate partition. A subsequent reboot of the surrogatepartition may use the mirrored volume group (e.g., surr-mir-rootvg) as apermanent root volume group for the partition.

The AIX live update operation may be carried out using a standard AIXtool, e.g., geninstall, which may deploy iFIXES and other updatepackages.

In a scenario where a user may choose to run a workload in anenvironment prior to an AIX live update operation (e.g., rollback), therunning may be achieved by using the disk hosting the original(transferred) partition (e.g., orig-rootvg).

At 108, network states (e.g., TCP/IP states of the sockets associatedwith the first node) may be copied from the original partition on thefirst node to the surrogate partition. Copying the network states may bebased on the live kernel update. Copying the network states may be partof a data migration from the original logical partition to the surrogatepartition, e.g., as part of the live kernel update on the first node.During the data migration, applications running on the original logicalpartition may be frozen.

At 110, the network states (e.g., associated with the first node) may berestored on the surrogate partition. The restoration of the networkstates may be based on the live kernel update. The restoration of thenetwork states may include checkpointing the surrogate partition. Whenthe surrogate partition is started (e.g., booted), it may start up whilethe network traffic (to the node) is blocked.

At 112, another window update may be transmitted to the one or more peernodes. For example, after the network states are restored on thesurrogate partition, and before any frozen applications (e.g.,applications frozen during the data migration from the original logicalpartition to the surrogate partition) are unfrozen on the surrogatepartition, a list of PCBs on the surrogate partition may be scanned forTCP connections. Scanning the list of PCBs may be performed whilenetwork traffic is blocked to and from the first node (e.g., and socketsassociated with the surrogate partition). Another (non-zero) windowupdate may be transmitted (e.g., advertised) through each TCP connectionafter the network blocking procedure on the first node (e.g., thesurrogate partition) has ceased.

The another window update may inform peers that the sending node (e.g.,sockets associated with the surrogate partition) may receive data. Inother words, the another window update may advertise that the receivebuffer on the sending node is greater than zero and may have capacity toreceive data. For example, the another window update may be for a normalsize such as 64 Kb.

Upon receiving the another window update, the one or more peer nodes maystart communicating normally with the first node (e.g., through socketsassociated with the surrogate partition).

FIG. 2 illustrates a second flowchart 200 depicting an aspect, from aperspective of a peer node, of an exemplary method of handling TCP databetween networked computer nodes during blackout periods associated withlive kernel updating, according to an embodiment. The network computernodes may include a first node and one or more peer nodes. The method ofhandling TCP data between networked computer nodes during blackoutperiods associated with live kernel updating may include the steps,procedures, and features described with respect to FIG. 1. FIG. 2illustrates additional aspects of an exemplary method from theperspective of a peer node networked to a first node (associated with alive kernel update).

At 202, a zero window update and a live kernel update notice may bereceived by a peer node. The zero window update may be a communicationthat informs (receiving) peer nodes that the node sending the zerowindow update cannot receive any data. In response, peer nodes mayrefrain from transmitting data to the node sending the zero windowupdate.

The live kernel update notice may be a communication that informs(receiving) peer nodes that the node sending the live kernel updatenotice may experience a live kernel update operation. It will beappreciated that the reaction of the peer node receiving the zero windowupdate or the live kernel update notice may be dependent on the TCPspecifications associated with the peer node. For example, the peernode's reaction to the zero window update may be to stop sending data,according to the peer node's TCP specification. In addition, the peernode (receiving the zero window update) may receive a live kernel updatenotice and may factor the live kernel update notice into the peer node'sresponse to the zero window update.

At 204, in response to receiving the zero window update and the livekernel update notice, the peer node may temporarily increase a capacityof a socket send buffer (e.g., inflate the socket send buffer associatedwith the peer node). For example, the peer node may temporarily inflatethe socket send buffer to a size above a standard size, e.g., 64 Kb.

Network traffic to and from the first node (e.g., the node undergoingthe live kernel update) may be blocked based on the live kernelupdating. Inflating the socket send buffer on the peer node may enable(additional) data to be staged in the socket send buffer of the peer,and may provide an alternative to transmitting the data to a node thatmay not be able to receive the data. Inflating the socket send buffer,as described herein, may avoid disruptive TCP timeouts caused by failedattempts to transmit data to a node that may not be able to receivedata, e.g., the first node undergoing a live kernel update.

At 206, a live kernel update completion notice may be received by thepeer node. The live kernel update completion notice may inform the peernode that the live kernel update (e.g., the live kernel update operationperformed on the first node) has been completed and network traffic toand from the first node is unblocked. It will be appreciated that thereaction of the peer node receiving the another window update or thelive kernel update completion notice may be dependent on the TCPspecifications associated with the peer node. For example, the peernode's reaction to the another window update may be to restart sendingdata, according to the peer node's TCP specification. In addition, thepeer node (receiving the another window update) may receive a livekernel update completion notice and may factor the live kernel updatecompletion notice into the peer node's response to the another windowupdate.

In one embodiment, the live kernel update completion notice may betransmitted to peer nodes along with another (non-zero) window update,as described above. For example, a list of process control blocks (PCBs)on the system (e.g., the first node) may be scanned for any TCPconnections. The live kernel update completion notice may be transmitted(e.g., advertised) through each TCP connection, e.g., after the livekernel update has been completed and the network traffic is unblocked onthe first node.

At 208, in response to receiving the live kernel update completionnotice, the peer node may reduce the capacity of the socket send buffer(e.g., deflate the socket send buffer associated with the peer node).For example, the peer node may deflate the socket send buffer to astandard or normal size, e.g., 64 Kb. In one embodiment, the peer nodemay temporarily inflate a socket send buffer to a size larger thanpreviously set (e.g., in response to receiving a zero window update anda live kernel update notice) and may deflate the socket send buffer tothe same previous size or some other size (e.g., in response toreceiving a live kernel update completion notice).

It will be appreciated that the receiving logic (for the peers) may notbe affected during the inflation (and deflation) of the socket sendbuffer associated with the peer nodes, as described herein.

The ability to temporarily inflate the socket send buffer may becommunicated to the peer nodes during TCP connection establishment. Forexample, a temporary buffer inflation permission may be transmitted to apeer node during connection establishment, and the peer node maytemporarily inflate the capacity of the socket send buffer based on thetemporary buffer inflation permission (and in response to the zerowindow update and the live kernel update notice).

In an alternative embodiment, temporarily inflating the socket sendbuffer (to accommodate a staging area for additional data) may be usedin association with general handling of zero window updates, e.g.,irrespective of live kernel updating. For example, it is contemplatedthat handling TCP data associated with zero window updates can beimproved by employing a method of temporarily inflating the socket sendbuffer of a peer receiving a zero window update.

In one embodiment, during a live kernel update, network checkpointing,e.g., on logical partitions on a first node, may be performed. Acheckpoint and restart of a logical partition's network connectivity mayinclude the following:

Network traffic to and from an original logical partition may beblocked. Network traffic may be blocked by loading an IP filter to blocknetwork traffic to and from IP addresses associated with the node beingcheckpointed. The state of the TCP connection timers may be preserved,which may include removing all the connections from the path of thetimer processing functions and initiated from a global logicalpartition.

For a given file descriptor, file descriptor information may beretrieved and checkpointed. Checkpointing may be initiated from theoriginal partition process context (or the kernel for orphanedconnections) and may include the following:

-   -   Saving the socket state and protocol control block state along        with queued buffers;    -   For sockets in a LISTEN state, the queued connections may be        saved (as they may not have been accepted); and    -   For UNIX domain sockets, the file descriptors embedded in        in-flight messages may be saved.

The network connections may be restored from the checkpoint file onrestart, which may be initiated from the surrogate partition processcontext (or global partition for orphaned connections) and may includethe following:

-   -   Restoring the socket state and protocol control block state and        queued buffers;    -   For sockets in a LISTEN state, the queued connections may be        restored (as they may not have been accepted);    -   For UNIX domain sockets, the file descriptors embedded in        in-flight messages may be restored; and    -   Internet group management protocol (IGMP) packets and sockets        bound to multicast addresses may be requested.

In one embodiment, the method may further include transmitting a livekernel update notice to each peer node from the one or more peer nodes,and in response to receiving the zero window update and the live kernelupdate notice, each peer node from the one or more peer nodestemporarily increases a capacity of a socket send buffer.

In a further embodiment, the method may include transmitting a livekernel update completion notice to the first peer node, and in responseto receiving the live kernel update completion notice, the first peernode reduces the capacity of the socket send buffer.

In a further embodiment, the method may include transmitting a temporarybuffer inflation permission to the first peer node during connectionestablishment, and the first peer node temporarily increases thecapacity of the socket send buffer based on the temporary bufferinflation permission (and based on receiving the zero window update andthe live kernel update notice).

In one embodiment, transmitting the another window update includesscanning, during performing the network blocking procedure, a list ofprocess control blocks for a TCP connection, and transmitting, afterperforming the network blocking procedure, the another window updatethrough the TCP connection.

In another embodiment, transmitting the another window update includesscanning, during performing the network blocking procedure, a list ofprocess control blocks for all TCP connections, and transmitting, afterperforming the network blocking procedure, the another window updatethrough all TCP connections.

In another embodiment, a method for updating a base operating systemwithout restarting applications and minimizing packet loss by settingTCP/IP receive buffer sizes to zero during live kernel migration (e.g.,updating) is provided. The method may include migrating a runningvirtual environment from a first system (e.g., a sending system) with afirst (e.g., a base) operating system level to a second system (e.g., areceiving system) with a second operating system level greater than thefirst operating system level. The method may also include setting eachreceive buffer size to zero (e.g., using a zero window update) for eachTCP/IP socket on the second system (associated with the running virtualenvironment), prior to copying the TCP/IP states from the first systemto the second system.

In a further embodiment, the method may include increasing TCP/IP buffersizes used by the virtual environment on the first system prior tocopying TCP/IP states from the first system to the second system.

In another further embodiment, the virtual environment may be a virtualmachine, a logical partition, and a workload partition.

Embodiments disclosed and contemplated herein may be implemented andperformed on a computing node, e.g., disclosed herein.

FIG. 3 depicts a schematic illustrating an example of a computing node.Computing node 10 is only one example of a suitable computing node andis not intended to suggest any limitation as to the scope of use orfunctionality of embodiments of the invention described herein.Regardless, computing node 10 is capable of being implemented and/orperforming any of the functionality set forth hereinabove.

In computing node 10 there is a computer system/server 12, which isoperational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 12 include, but are notlimited to, personal computer systems, server computer systems, thinclients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed computing environments that includeany of the above systems or devices, and the like.

Computer system/server 12 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 12 may be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer system storage media including memorystorage devices.

As shown in FIG. 3, computer system/server 12 in computing node 10 isshown in the form of a general-purpose computing device. The componentsof computer system/server 12 may include, but are not limited to, one ormore processors or processing units 16, a system memory 28, and a bus 18that couples various system components including system memory 28 toprocessor 16.

Bus 18 represents one or more of any of several types of bus structures,including a memory bus or memory controller, a peripheral bus, anaccelerated graphics port, and a processor or local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnects (PCI) bus.

Computer system/server 12 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 12, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 28 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 30 and/or cachememory 32. Computer system/server 12 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 34 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 18 by one or more datamedia interfaces. As will be further depicted and described below,memory 28 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 40, having a set (at least one) of program modules 42,may be stored in memory 28 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 42 generally carry out the functions and/ormethodologies of embodiments of the invention as described herein.

Computer system/server 12 may also communicate with one or more externaldevices 14 such as a keyboard, a pointing device, a display 24, etc.;one or more devices that enable a user to interact with computersystem/server 12; and/or any devices (e.g., network card, modem, etc.)that enable computer system/server 12 to communicate with one or moreother computing devices. Such communication can occur via Input/Output(I/O) interfaces 22. Still yet, computer system/server 12 cancommunicate with one or more networks such as a local area network(LAN), a general wide area network (WAN), and/or a public network (e.g.,the Internet) via network adapter 20. As depicted, network adapter 20communicates with the other components of computer system/server 12 viabus 18. It should be understood that although not shown, other hardwareand/or software components could be used in conjunction with computersystem/server 12. Examples, include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 4, illustrative cloud computing environment 50 isdepicted. As shown, cloud computing environment 50 comprises one or more(cloud) computing nodes 10 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 54A, desktop computer 54B, laptop computer 54C,and/or automobile computer system 54N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 50 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 54A-N shownin FIG. 4 are intended to be illustrative only and that computing nodes10 and cloud computing environment 50 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

Referring now to FIG. 5, a set of functional abstraction layers providedby cloud computing environment 50 (FIG. 4) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 5 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 60 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 61; RISC(Reduced Instruction Set Computer) architecture based servers 62;servers 63; blade servers 64; storage devices 65; and networks andnetworking components 66. In some embodiments, software componentsinclude network application server software 67 and database software 68.

Virtualization layer 70 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers71; virtual storage 72; virtual networks 73, including virtual privatenetworks; virtual applications and operating systems 74; and virtualclients 75.

Methods for handling TCP data between networked computer nodes duringblackout periods associated with live kernel updating may be performedin a cloud environment, e.g., in the hardware and software layer 60and/or the virtualization layer 70.

In one example, management layer 80 may provide the functions describedbelow. Resource provisioning 81 provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cloud computing environment. Metering and Pricing 82provide cost tracking as resources are utilized within the cloudcomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 83 provides access to the cloud computing environment forconsumers and system administrators. Service level management 84provides cloud computing resource allocation and management such thatrequired service levels are met. Service Level Agreement (SLA) planningand fulfillment 85 provide pre-arrangement for, and procurement of,cloud computing resources for which a future requirement is anticipatedin accordance with an SLA.

Workloads layer 90 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation 91; software development and lifecycle management 92; virtualclassroom education delivery 93; data analytics processing 94;transaction processing 95; and mobile desktop 96.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. The computer readable program instructions may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider). In some embodiments, electronic circuitry including,for example, programmable logic circuitry, field-programmable gatearrays (FPGA), or programmable logic arrays (PLA) may execute thecomputer readable program instructions by utilizing state information ofthe computer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

Detailed embodiments of the claimed structures and methods are disclosedherein; however, it can be understood that the disclosed embodiments aremerely illustrative of the claimed structures and methods that may beembodied in various forms. This invention may, however, be embodied inmany different forms and should not be construed as limited to theexemplary embodiments set forth herein. Rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete and will fully convey the scope of this invention to thoseskilled in the art. In the description, details of well-known featuresand techniques may be omitted to avoid unnecessarily obscuring thepresented embodiments.

References in the specification to “one embodiment”, “an embodiment”,“an example embodiment”, etc., indicate that the embodiment describedmay include a particular feature, structure, or characteristic, butevery embodiment may not necessarily include the particular feature,structure, or characteristic. Moreover, such phrases are not necessarilyreferring to the same embodiment. Further, when a particular feature,structure, or characteristic is described in connection with anembodiment, it is submitted that it is within the knowledge of oneskilled in the art to affect such feature, structure, or characteristicin connection with other embodiments whether or not explicitlydescribed.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the invention.The terminology used herein was chosen to best explain the principles ofthe embodiment, the practical application or technical improvement overtechnologies found in the marketplace, or to enable others of ordinaryskill in the art to understand the embodiments disclosed herein.

What is claimed is:
 1. A method for handling transmission controlprotocol (TCP) data between networked computer nodes during blackoutperiods associated with live kernel updating, the method comprising:initiating a live kernel update on a first node, wherein the live kernelupdate comprises performing a network blocking procedure; transmitting,prior to performing the network blocking procedure, a zero window updateto one or more peer nodes; generating a surrogate partition associatedwith the first node; copying network states from an original partitionassociated with the first node to the surrogate partition; restoring thenetwork states on the surrogate partition; and transmitting anotherwindow update to the one or more peer nodes.
 2. The method according toclaim 1, further comprising: transmitting a live kernel update notice toeach peer node from the one or more peer nodes; and wherein, in responseto receiving the zero window update and the live kernel update notice,each peer node from the one or more peer nodes temporarily increases acapacity of a socket send buffer.
 3. The method according to claim 2,further comprising: transmitting a live kernel update completion noticeto a first peer node; and wherein, in response to receiving the livekernel update completion notice, the first peer node reduces thecapacity of the socket send buffer.
 4. The method according to claim 2,further comprising: transmitting a temporary buffer inflation permissionto a first peer node during connection establishment; and wherein thefirst peer node temporarily increases the capacity of the socket sendbuffer based on receiving the zero window update and the live kernelupdate notice, and the temporary buffer inflation permission.
 5. Themethod according to claim 1, wherein transmitting the zero window updatecomprises: scanning a list of process control blocks for a TCPconnection; and transmitting the zero window update through the TCPconnection.
 6. The method according to claim 1, wherein transmitting theanother window update comprises: scanning, during performing the networkblocking procedure, a list of process control blocks for a TCPconnection; and transmitting, after performing the network blockingprocedure, the another window update through the TCP connection.
 7. Themethod according to claim 5, wherein transmitting the another windowupdate comprises: scanning, during performing the network blockingprocedure, the list of process control blocks for all TCP connections;and transmitting, after performing the network blocking procedure, theanother window update through all TCP connections.
 8. A computer programproduct for handling transmission control protocol (TCP) data betweennetworked computer nodes during blackout periods associated with livekernel updating, the computer program product comprising at least onecomputer readable non-transitory storage medium having computer readableprogram instructions thereon for execution by a processor, the computerreadable program instructions comprising program instructions for:initiating a live kernel update on a first node, wherein the live kernelupdate comprises performing a network blocking procedure; transmitting,prior to performing the network blocking procedure, a zero window updateto one or more peer nodes; generating a surrogate partition associatedwith the first node; copying network states from an original partitionassociated with the first node to the surrogate partition; restoring thenetwork states on the surrogate partition; and transmitting anotherwindow update to the one or more peer nodes.
 9. The computer programproduct according to claim 8, wherein the computer readable programinstructions further comprise program instructions for: transmitting alive kernel update notice to each peer node from the one or more peernodes; and wherein, in response to receiving the zero window update andthe live kernel update notice, each peer node from the one or more peernodes temporarily increases a capacity of a socket send buffer.
 10. Thecomputer program product according to claim 9, wherein the computerreadable program instructions further comprise program instructions for:transmitting a live kernel update completion notice to a first peernode; and wherein, in response to receiving the live kernel updatecompletion notice, the first peer node reduces the capacity of thesocket send buffer.
 11. The computer program product according to claim9, wherein the computer readable program instructions further compriseprogram instructions for: transmitting a temporary buffer inflationpermission to a first peer node during connection establishment; andwherein the first peer node temporarily increases the capacity of thesocket send buffer based on receiving the zero window update and thelive kernel update notice, and the temporary buffer inflationpermission.
 12. The computer program product according to claim 8,wherein transmitting the zero window update comprises: scanning a listof process control blocks for a TCP connection; and transmitting thezero window update through the TCP connection.
 13. The computer programproduct according to claim 8, wherein transmitting the another windowupdate comprises: scanning, during performing the network blockingprocedure, a list of process control blocks for a TCP connection; andtransmitting, after performing the network blocking procedure, theanother window update through the TCP connection.
 14. The computerprogram product according to claim 12, wherein transmitting the anotherwindow update comprises: scanning, during performing the networkblocking procedure, the list of process control blocks for all TCPconnections; and transmitting, after performing the network blockingprocedure, the another window update through all TCP connections.
 15. Acomputer system for handling transmission control protocol (TCP) databetween networked computer nodes during blackout periods associated withlive kernel updating, the computer system comprising: at least oneprocessing unit; at least one computer readable memory; at least onecomputer readable tangible, non-transitory storage medium; and programinstructions stored on the at least one computer readable tangible,non-transitory storage medium for execution by the at least oneprocessing unit via the at least one computer readable memory, whereinthe program instructions comprise program instructions for: initiating alive kernel update on a first node, wherein the live kernel updatecomprises performing a network blocking procedure; transmitting, priorto performing the network blocking procedure, a zero window update toone or more peer nodes generating a surrogate partition associated withthe first node; copying network states from an original partitionassociated with the first node to the surrogate partition; restoring thenetwork states on the surrogate partition; and transmitting anotherwindow update to the one or more peer nodes.
 16. The computer systemaccording to claim 15, wherein the program instructions further compriseprogram instructions for: transmitting a live kernel update notice toeach peer node from the one or more peer nodes; and wherein, in responseto receiving the zero window update and the live kernel update notice,each peer node from the one or more peer nodes temporarily increases acapacity of a socket send buffer.
 17. The computer system according toclaim 16, wherein the program instructions further comprise programinstructions for: transmitting a live kernel update completion notice toa first peer node; and wherein, in response to receiving the live kernelupdate completion notice, the first peer node reduces the capacity ofthe socket send buffer.
 18. The computer system according to claim 16,wherein the program instructions further comprise program instructionsfor: transmitting a temporary buffer inflation permission to a firstpeer node during connection establishment; and wherein the first peernode temporarily increases the capacity of the socket send buffer basedon receiving the zero window update and the live kernel update notice,and the temporary buffer inflation permission.
 19. The computer systemaccording to claim 15, wherein transmitting the zero window updatecomprises: scanning a list of process control blocks for a TCPconnection; and transmitting the zero window update through the TCPconnection.
 20. The computer system according to claim 15, whereintransmitting the another window update comprises: scanning, duringperforming the network blocking procedure, a list of process controlblocks for a TCP connection; and transmitting, after performing thenetwork blocking procedure, the another window update through the TCPconnection.